Linux Debian Packaging – Prevent Directory Removal After Purge

debiandpkglinuxpackaging

I'm trying to create a Debian package that doesn't delete an empty directory after it's purged. Specifically, I'm creating my own package containing some CA certificates I trust.

I'm following Debian's suggested method of installing the certificates to /usr/local/share/ca-certificates. The problem I'm running in to is that the ca-certificates package creates /usr/local/share/ca-certificates when it's installed and I'd like that directory to stick around when my package is purged.

My goal is to install my trust chain into /usr/local/share/ca-certificates/mychain but when my Debian package is removed I want dpkg to not remove /usr/local/share/ca-certificates if it's empty since the ca-certificates package explicitly created that directory.

I searched around for a definitive answer but all I managed to find were long forum posts and e-mail threads.

Best Answer

Add postrm script:

#!/bin/sh

set -e

case "$1" in
  purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
    # Recreate the /usr/local/share/ca-certificates directory, since we are
    # ignoring Debian Policy by intentionally installing here. Removal of
    # ca-certificates-local removes this directory if empty.
    if [ ! -e /usr/local/share/ca-certificates ]; then
        if mkdir /usr/local/share/ca-certificates 2>/dev/null; then
            chown root:staff /usr/local/share/ca-certificates
            chmod 2775 /usr/local/share/ca-certificates
        fi
    fi
;;

*)
    echo "postrm called with unknown argument \`$1'" >&2
    exit 1
;;
esac

#DEBHELPER#

exit 0

This code is from ca-certificates-local:

This is an example stub source package that includes a dummy CA certificate in the local/ directory. Remove the dummy certificate, copy your trusted local root CA (in PEM format with the filename ending in ".crt") to the local/ directory, edit files in the debian/ directory as desired, and build your custom package.

See README, Steps to build your custom local root CA package from this example

So, the quick way to create and install such packages:

git clone git://anonscm.debian.org/collab-maint/ca-certificates.git ~/ca-certificates
cd ~/ca-certificates/examples/ca-certificates-local/
rm local/Local_Root_CA.crt
cp <path-to-your-cert> local/
# edit debian/control: change package-name, description, etc
# install build dependencies: http://unix.stackexchange.com/questions/177505/how-to-install-parse-build-dependencies-from-debian-control/211319#211319
dpkg-buildpackage
dpkg -i ../<package-name-version>.deb

Best Answer

Related Solutions

Debian – Is it possible to have a Debian package pre-install script run apt-get commands

Linux – Add and Compile apt-get package manager for LFS

Update

Related Question